package org.hbgl.geoentity.admin.config;

import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.hbgl.geoentity.admin.shiro.*;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.*;

@Configuration
public class ShiroConfig {

    @Bean
    public Realm realmAdmin() {
        return new AdminRealm();
    }

    @Bean
    public Realm realmUnit() {
        return new UnitRealm();
    }

    @Bean
    public CustomModularRealmAuthenticator customModularRealmAuthenticator() {
        CustomModularRealmAuthenticator authenticator = new CustomModularRealmAuthenticator();
        Map<String, Object> definedRealms = new HashMap<>();
        definedRealms.put(UserType.ADMIN, realmAdmin());
        definedRealms.put(UserType.UNIT, realmUnit());
        authenticator.setDefinedRealms(definedRealms);
        authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
        return authenticator;
    }

    @Bean
    public SessionManager sessionManager() {
        return new WebSessionManager();
    }

    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setAuthenticator(customModularRealmAuthenticator());
        Collection<Realm> realms = new ArrayList<>();
        realms.add(realmAdmin());
        realms.add(realmUnit());
        securityManager.setRealms(realms);
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // 管理后台接口
        filterChainDefinitionMap.put("/admin/auth/login", "anon");
        filterChainDefinitionMap.put("/admin/auth/sekaptcha ", "anon");
        filterChainDefinitionMap.put("/admin/auth/kaptcha", "anon");
        //首页接口
        filterChainDefinitionMap.put("/admin/node/unitList", "anon");
        filterChainDefinitionMap.put("/admin/**", "authc");
        // // 单位后台接口
        // filterChainDefinitionMap.put("/unit/auth/login", "anon");
        // filterChainDefinitionMap.put("/unit/unit/**", "anon");
        // filterChainDefinitionMap.put("/unit/**", "authc");

        // 公共接口
        shiroFilterFactoryBean.setLoginUrl("/public/401");
        shiroFilterFactoryBean.setSuccessUrl("/public/index");
        shiroFilterFactoryBean.setUnauthorizedUrl("/public/403");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        /* ************* 注册自定义授权过滤器 开始******************/

        // 1、创建过滤器Map，用来装自定义过滤器
        LinkedHashMap<String, Filter> map = new LinkedHashMap<>();

        // 2、将自定义过滤器放入map中，如果实现了自定义授权过滤器，那就必须在这里注册，否则Shiro不会使用自定义的授权过滤器
        map.put("authc", new ShiroLoginFilter());

        // 3、将过滤器Ma绑定到shiroFilterFactoryBean上
        shiroFilterFactoryBean.setFilters(map);

        /* ************* 注册自定义授权过滤器 结束******************/
        return shiroFilterFactoryBean;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }
}
